There will be ways to verify this using, either wireshark, and pulling the session keys out of the pcap ( as you own one of the endpoints ), or using sslstrip, or squid in sslbump mode to intercept the https session.